Security boffins harvest bumper crop of API keys from web
Researchers scanned 10 million websites using TruffleHog and discovered 1,748 valid API credentials exposed on public webpages. Affected organizations include a globally systemically important bank, drone firmware developers, and government agencies. Credentials for AWS, GitHub, Stripe, and OpenAI were among those found. Most exposures (84%) appeared in JavaScript files, often inside Webpack bundles. Credentials remained exposed for an average of 12 months before discovery. After researchers notified affected organizations, the number of exposed credentials dropped by half within two weeks. The study argues that dynamic analysis of live websites is essential, as most prior research focused only on code repositories.
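The pipeline the study describes, fetching a live page, following its script tags to the bundles, and pattern-matching the bundle contents, can be sketched offline. The block below is an added example, not code from the article or from TruffleHog: the provider regexes are approximations of the documented public key formats (an assumption of this example, not TruffleHog's detectors), the entropy threshold of 4.0 bits is an arbitrary tuning choice, and the HTML page and Webpack-style bundle it scans are constructed here, with every key a synthetic placeholder (the AWS pair is the one AWS uses in its own documentation). What the example does not do is the step that makes the article's "valid" count meaningful: TruffleHog verifies each candidate against the issuing service, which an offline scan cannot.

```python
"""Scan a JavaScript bundle (or a live page's scripts) for exposed API credentials.

Added example, not the article's or TruffleHog's code. Regexes are assumed
approximations of public key formats; the entropy cutoff is an arbitrary choice.
"""
import math
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin

# Provider-specific patterns (assumed formats, deliberately simple).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat":        re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "stripe_secret_key": re.compile(r"\bsk_live_[0-9A-Za-z]{24,}\b"),
    "openai_key":        re.compile(r"\bsk-[A-Za-z0-9]{48}\b"),
}

# A long quoted string with high entropy is worth reporting even when no
# provider pattern matches it (an AWS secret access key next to its key ID).
QUOTED_STRING = re.compile(r"""["']([A-Za-z0-9+/=_\-]{32,})["']""")
MIN_ENTROPY_BITS = 4.0  # assumed threshold; tune against your own false-positive rate


def shannon_entropy(s: str) -> float:
    """Bits per character, estimated from the string's own character histogram."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str) -> list[dict]:
    """Return every credential candidate in text as {detector, value, entropy}."""
    findings, seen = [], set()
    for name, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            value = m.group(0)
            seen.add(value)
            findings.append({"detector": name, "value": value,
                             "entropy": round(shannon_entropy(value), 2)})
    # Generic high-entropy strings not already claimed by a provider pattern.
    for m in QUOTED_STRING.finditer(text):
        value = m.group(1)
        if value in seen:
            continue
        h = shannon_entropy(value)
        if h >= MIN_ENTROPY_BITS:
            seen.add(value)
            findings.append({"detector": "high_entropy_string", "value": value,
                             "entropy": round(h, 2)})
    return findings


class _ScriptSrcParser(HTMLParser):
    """Collect the src attribute of every <script> tag, in document order."""
    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            for name, value in attrs:
                if name == "src" and value:
                    self.srcs.append(value)


def extract_script_urls(html: str, base_url: str) -> list[str]:
    """Resolve each external script reference on a page to an absolute URL."""
    parser = _ScriptSrcParser()
    parser.feed(html)
    return [urljoin(base_url, src) for src in parser.srcs]


def scan_site(url: str, timeout: float = 10.0) -> list[dict]:
    """Fetch a live page plus every script it loads and scan all of it.
    Network-only; the offline demo under __main__ never calls this."""
    import urllib.request

    def get(u: str) -> str:
        with urllib.request.urlopen(u, timeout=timeout) as resp:
            return resp.read().decode("utf-8", errors="replace")

    html = get(url)
    results = [dict(f, source=url) for f in scan_text(html)]  # inline scripts too
    for script_url in extract_script_urls(html, url):
        results += [dict(f, source=script_url) for f in scan_text(get(script_url))]
    return results


# Constructed sample: a page and a Webpack-style bundle fragment with credentials
# inlined at build time. Every value is a synthetic placeholder, not a live key.
SAMPLE_HTML = '<html><body><script src="/static/js/main.3f2a1.js"></script></body></html>'
SAMPLE_BUNDLE = (
    '!function(e){var t={};t.cfg={region:"us-east-1",'
    'accessKeyId:"AKIAIOSFODNN7EXAMPLE",'
    'secretAccessKey:"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},'
    't.pay={key:"sk_live_EXAMPLEKEYEXAMPLEKEYEXAM"},'
    't.gh={token:"ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"},'
    't.ai={apiKey:"sk-A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8S9t0U1v2W3x4"}}();'
)

if __name__ == "__main__":
    for script in extract_script_urls(SAMPLE_HTML, "https://example.com/app"):
        print("would fetch:", script)
    for finding in scan_text(SAMPLE_BUNDLE):
        print(f'{finding["detector"]:22} entropy={finding["entropy"]:<5} {finding["value"]}')
```

The sample shows why bundles are such a rich source: build tools inline values such as `process.env.AWS_SECRET_ACCESS_KEY` into the shipped JavaScript, so a secret that never appears in the repository ends up in a public `main.*.js`. Note that only the AWS access key ID has a recognisable prefix; the matching secret is caught by the entropy pass, which is also where most false positives come from (hashes, base64 blobs, minified identifiers), so a real scanner follows a hit with a verification call rather than trusting the regex.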